2 matches found
org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2019-16552 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.22.0)
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =2.4.6 Source cves: CVE-2019-16552 Source advisory: OSV:GHSA-4R39-F4RH-J6Q8...
CVE-2019-16552
CVE-2019-16552 affects Jenkins Gerrit Trigger Plugin (versions 2.30.1 and earlier). Root cause: a missing permission check allows attackers with Overall/Read to connect to an attacker-specified HTTP/SSH endpoint using attacker-specified credentials, and to determine the existence of a file on the...